Application Security DevSecOps Specialist

Who we are

NTT DATA is one of the world's largest global security service providers, partnering with some of the most recognized security technology brands. We're looking for passionate, curious, and motivated individuals to join our team.

What you’ll be doing

• Incorporate security controls and standards into all phases of the software development lifecycle (SDLC).
• Collaborate with developers to adopt secure coding practices, including OWASP compliance.
• Conduct threat modeling and evaluate design documents to identify security vulnerabilities.
• Establish security requirements and acceptance criteria for application development projects.
• Design and implement security automation within CI/CD workflows using tools for SAST, DAST, IAST, SCA and compliance monitoring.
• Develop custom security testing frameworks compatible with agile and DevSecOps models.
• Conduct infrastructure-as-code (IaC) configuration checks and enforce compliance policies.
• Automate secrets scanning, credential hygiene practices, and dependency vulnerability reviews.
• Execute static (SAST) and dynamic (DAST) application security assessments.
• Perform manual penetration testing and secure code reviews to detect risks.
• Analyze application dependencies and third-party components, ensuring vulnerability remediation.
• Validate security fixes via rigorous regression testing and secure deployment methods.
• Prepare training initiatives for developers on secure coding practices, application security principles, and DevSecOps workflows.
• Create and disseminate security documentation, guidelines, and playbooks for developers and architects.
• Mentor engineers to adopt security-first product development and incident prevention strategies.
• Establish and support developer security champion programmes within agile teams.
• Implement robust security controls for containerized workloads in Docker, Kubernetes, and similar platforms.
• Design and secure API endpoints and microservices architectures.
• Leverage cloud security services on AWS, Azure, or GCP to deliver secure, scalable solutions.
• Advocate for best practices in secret management, repository vaulting, and cloud-native application monitoring.

What you'll bring along

• Bachelor’s degree in Cybersecurity, Computer Science, Software Engineering, or equivalent experience.
• Minimum 3-5 years of experience in application security engineering.
• Familiarity with implementing container security policies and securing high-performance CI/CD development ecosystems.
• Proficiency in multiple programming languages (e.g., Java, Python, JavaScript, Go, .NET).
• Extensive experience deploying application security tools like SonarQube, Checkmarx, Veracode, OWASP ZAP.
• Expertise in CI/CD tools and platforms (e.g., Jenkins, GitHub Actions, Azure DevOps).
• Solid understanding of container orchestration technologies (e.g., Kubernetes, Docker).
• Familiarity with cloud platforms (AWS, Azure, GCP) and IaC assessment tools (Terraform, CloudFormation).
• Advanced knowledge of the OWASP Top 10 vulnerabilities, secure coding techniques, and cryptographic best practices.
• Proficiency in API security testing and securing microservices.
• Hands-on involvement in framework-based security compliance efforts (ISO 27001, GDPR, SOC 2).
• Exceptional collaboration and communication abilities when interfacing with software teams.
• Strong problem-solving mindset to balance security priorities in fast-paced DevOps environments.
• Capable of delivering security-focused workshops and team mentoring.
• Must meet UK SC Clearance eligibility guidelines.
• Preferred certifications include CSSLP, GWEB, or a Certified DevSecOps Engineer qualification.
• AWS / Azure / GCP Security specialization certifications are advantageous.
• Excellent command of both spoken and written English.